Cyber Resilience

CVE-2025-14708

High · Public PoC

Published: 15 December 2025

Modified: 09 January 2026
KEV Added
Patch
CVSS Score v4: 8.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0095 (76.9th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-14708 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Sgwbox N3 Firmware. Its CVSS v4 base score is 8.9 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 23.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-14708 is a buffer overflow vulnerability (CWE-119, CWE-120) in Shiguangwu sgwbox N3 version 2.0.25. The flaw affects unknown functionality in the file /usr/sbin/http_eshell_server, part of the WIREDCFGGET Interface component, where manipulation of the "params" argument triggers the overflow. Published on 2025-12-15, it carries a CVSS v3.1 base score of 9.8, reflecting its critical severity.

Attackers can exploit this vulnerability remotely over the network without authentication, privileges, or user interaction (AV:N/AC:L/PR:N/UI:N/S:U). Successful exploitation has a high impact on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing arbitrary code execution. A public exploit is available, increasing the risk of widespread abuse.

VulDB advisories, which serve as the primary disclosure sources, detail the issue but note that the vendor was contacted early without any response, implying no patches or official mitigations are available. Additional references include VulDB submission pages and a Notion document summarizing the sgwbox NAS N3 buffer overflow.


Vulnerability details

A weakness has been identified in Shiguangwu sgwbox N3 2.0.25. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/http_eshell_server of the component WIREDCFGGET Interface. Executing manipulation of the argument params can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.


Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in public-facing HTTP service (http_eshell_server, WIREDCFGGET interface) allows remote unauthenticated arbitrary code execution, directly mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-14709 · Same product: Sgwbox N3
CVE-2025-14705 · Same product: Sgwbox N3
CVE-2025-14704 · Same product: Sgwbox N3
CVE-2025-14707 · Same product: Sgwbox N3
CVE-2025-14706 · Same product: Sgwbox N3
CVE-2025-11296 · Shared CWE-119, CWE-120
CVE-2025-10942 · Shared CWE-119, CWE-120
CVE-2026-8775 · Shared CWE-119, CWE-120
CVE-2026-1328 · Shared CWE-119, CWE-120
CVE-2026-3701 · Shared CWE-119, CWE-120

Affected Assets

sgwbox · n3 firmware · ≤ 2.0.25

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly validates the 'params' argument in the WIREDCFGGET interface to prevent buffer overflow exploitation from malformed inputs.

Prevent: Implements memory protections such as ASLR, stack canaries, and DEP to mitigate arbitrary code execution resulting from the buffer overflow vulnerability.

Prevent: Enforces boundary protection to monitor and control remote network access to the vulnerable /usr/sbin/http_eshell_server, blocking unauthenticated exploitation attempts.
